RSA Security Analytics: Software that gives security operations teams complete visibility to detect, investigate, and take targeted action against even the most advanced of attacks before they can impact the business.

GAIN COMPLETE VISIBILITY

RSA Security Analytics eliminates blind spots with visibility across logs, networks, and endpoints. Inspect every network packet session and log event for threat indicators at time of collection with capture-time data enrichment.

TAKE TARGETED ACTION

Prioritize investigations and streamline multiple analyst workflows in one tool. Instantly pivot from incidents into deep endpoint and network packet detail to understand the true nature and scope of the issue.

MODULAR

Choose the full product incorporating SIEM and network forensics or implement different parts according to your needs.

Details

RSA Security Analytics gives security teams the ability to unleash their full potential and stand tall against today’s attackers by evolving from a traditional log-centric approach to one with better visibility, analysis, and workflow. With RSA Security Analytics, teams have the power to detect and analyze even the most advanced of attacks before they can impact their organization. Once spotted, security analysts can investigate, prioritize, and remediate incidents with unprecedented precision and speed.

Identify high-risk indicators of compromise by harnessing the power of big data and data science techniques.

Action – Take targeted action on the most important incidents

Prioritize investigations and streamline multiple analyst workflows in one tool, enabling incident response and escalation to begin immediately and putting the advantage of time back on the side of the defender.

Instantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue. Separate the threats from the white noise, cutting hours or days from the threat detection process and eliminating time wasted due to false positives.

Manage compliance and more proactively defend your network and assets with compliance and threat reporting in a single place.

Our experience with hundreds of the world’s leading security operations teams has been encoded into our templates, workflows, and alerts, giving your current team the capabilities developed over years by the world’s best security operations personnel.

Platform

The RSA Security Analytics platform consists of two primary elements: the capture infrastructure and the analysis and retention infrastructure.

CAPTURE INFRASTRUCTURE

RSA's unique architecture allows organizations to collect and analyze large amounts of data and expand linearly. The federated infrastructure allows organizations to scale while still maintaining the ability to analyze and query seamlessly across the system at top speeds, unlike products from other vendors, which need to centralize all data for analysis and slow down as the central site becomes larger. The capture infrastructure consists of decoders for ingest, concentrators for indexing, and brokers/analytic server for querying.

RSA Security Analytics Decoder
The decoder is a configurable network appliance that enables real-time collection, filtering, and analysis of network packet and log data. Position the decoder(s) on the network egress, core, or segment.

The packet decoder reassembles and normalizes network traffic at every layer for real-time, full session analysis. Appliances can be operated in continuous capture mode or to consume traffic from any source.

The log decoder leverages packet decoder architecture for hundreds of devices and common log formats. Additionally, the log decoder will collect endpoint and netflow data.

RSA Security Analytics Concentrator
The concentrator aggregates metadata from decoders to enable scalability and flexibility across network topologies and geographies. You can deploy them in tiers to provide high availability for multiple decoder locations.

RSA Security Analytics Broker/Analytic Server
The broker/analytic server facilitates queries across multiple concentrators. The broker provides a single point of access to Security Analytics metadata and operates and scales independently of network latency, throughput, or data volume. The analytic server hosts the web server required for investigation, reporting, and administration.

ANALYSIS AND RETENTION INFRASTRUCTURE

Unlike other tools, RSA Security Analytics has the ability to discover attacks as they're happening by correlating logs, packets, netflow, and endpoint data together. Security Analytics also harnesses the power of big data and combines it with the data science techniques leveraged in the advanced analytics modules used with the RSA Warehouse, powered by Pivotal.

RSA Analytics Warehouse (Powered by Pivotal HD)
The RSA Analytics Warehouse includes Hadoop infrastructure specifically designed to manipulate large amounts of data and run complex queries for advanced analysis. It leverages out-of-the-box analytics to take advantage of the data it has stored.

Applications

RSA Security Analytics detects and analyzes even the most advanced attacks before they can impact the business.

Detection and Alerting

Discover attacks missed by traditional security information and event management (SIEM) and signature-based tools by correlating network packets, netflow, endpoints, and logs. By leveraging capture-time data enrichment and event stream analysis for correlation, RSA Security Analytics identifies threats in real time, compared to the days or even weeks required with competitive solutions.

RSA Security Analytics Investigation and Triage

Instantly pivot from incidents into deep endpoint and network packet detail to perform network forensics and understand the true nature and scope of the issue. Investigations are driven by multidimensional visibility that eliminates blind spots where threats can take root.

Freeware

Get freeware for RSA NetWitness Investigator, the award-winning software that served as the foundation for the investigative powers behind RSA Security Analytics. Start collecting and identifying packets that are transmitted in your network and experience the unlimited, free-form analysis dimensions provided. Effectively analyze data starting from application layer entities like users, email, address, files, and actions.